CheckMarx admits it was hit by major cyberattack that saw data leaked onto Dark Web
Date:
Tue, 28 Apr 2026 13:37:33 +0000
Description:
CheckMarx confirms March 2026 attack did result in data theft.
FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter CheckMarx confirms breach tied to a recent supply chain attack Stolen data originated from its GitHub repository, with investigations still ongoing Threat actors later claimed to have exfiltrated source code and sensitive credentials A day after Checkmarxs data appeared on the dark web, the company has officially confirmed suffering a data breach.
In a breach notification published on the company blog, Checkmarx said it was still investigating the incident, but confirmed the leaked data was stolen from its GitHub repository, and that access to that repository was facilitated, "through the initial supply chain attack of March 23, 2026."
What Checkmarx is referring to is a supply chain incident that affected
Trivy, an open source vulnerability scanner. A week before the attack, a
group known as TeamPCP smuggled an infostealer into the scanner, nabbing user secrets, cloud credentials, SSH keys, and Kubernetes configuration files. After that they added persistent backdoors on the devices of the victimized developers, for further access. Article continues below You may like Vercel confirms data breach EU cyberattack may have been worse than we thought -
90GB of data published online as 30 entities hit HackerOne says employees hit by data breach - and Navia hack is to blame Lapsus$ leaks the files From there, they were also able to pivot into other environments, including LiteLLM, Telnyx, and KICS. They also compromised other Checkmarx tools,
GitHub Actions, and two Open VSX plugins . At the time, the researchers said the malware stole browser data (cookies, autofill information, browsing history, bookmarks, credit cards, and login credentials, from the biggest browsers such as Opera, Chrome, Brave, Vivaldi, Yandex, and Edge), Discord data (including Discord tokens, which can be used to access accounts), cryptocurrency wallet data, Telegram chat sessions, computer files, and Instagram data.
It was suggested that more than 170,000 people may have been at risk.
The company has since barred access to the affected repository and said if it determines user data was stolen, it will notify affected parties immediately.
A day before posting that notification, threat actors calling themselves Lapsus$ added Checkmarx to their data leak website, claiming to have exfiltrated source code, API keys, MongDB and MySQL login credentials, and employee details. Checkmarx has not commented on these claims. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Via The Register The best antivirus for all budgets Our top picks, based on real-world testing and comparisons
Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/checkmarx-admits-it-was-hit-by-major-cy berattack-that-saw-data-leaked-onto-dark-web
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)